Subject: Re: Sendmail and anti-spam
To: John Nemeth <jnemeth@cue.bc.ca>
From: David Gilbert <dgilbert@velocet.ca>
List: tech-userlevel
Date: 03/02/1999 10:33:36
>>>>> "John" == John Nemeth <jnemeth@cue.bc.ca> writes:

John> } associated with it.
John> }
John> } refusing to accept mail from hosts that cannot receive mail
John> } (because they have no mx or a records) is problematic at best.

John>      Personally, I agree with this.  People have no business
John> sending out mail with invalid return addresses.  This catches a
John> lot of spam without any false positive (I don't consider mail
John> that violates the RFC's to be false positives).

I don't have a problem requiring an MX record, but I do have a problem
with the recent spate of requiring an A record.  I relay mail for a
number of clients who neither have nor desire web service.  They all
have properly formatted MX's that all work, but I have had to recently
add (bogus, I might emphasize) A records such that certain providers
(PSI net listening?) will deliver mail.  This _BUGS_ me.

John> } i recommend a configuration where the mc file contains
John> }
John> } FEATURE(relay_based_on_MX)

John>      This is a very bad idea.  Since anybody can create an MX
John> record for their domain that points at your mail server, it
John> would open you up to uncontrolled relaying.

Um... You might not understand this _very_ useful feature.  It only
allows sending _to_ a domain you're listed as an MX for (not _from_).
This is not useful to spammers since they do not control the MX's for
AOL, for instance.

Yes... this feature would allow some malicious site to configure me
as an MX for themselves.  I'm willing to accept that (before the
anti-spam days, (gosh... had to be about 10 years ago) I almost always
added mail.uu.net as an MX :).

John>      It's also the only way to prevent your server from being
John> used for uncontrolled relaying.

RTFM.  Doesn't do that.

Dave.

-- 
============================================================================
|David Gilbert, Velocet Communications.       | Two things can only be     |
|Mail:       dgilbert@velocet.net             |  equal if and only if they |
|http://www.velocet.net/~dgilbert             |   are precisely opposite.  |
=========================================================GLO================
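
The relay decision discussed in this message, as an added example that is not part of the original post and is not sendmail's own code. It models FEATURE(relay_based_on_MX) as described above: the check keys on the recipient domain's MX records, never on the sender. The host names, domains and MX table are constructed for illustration.

```python
# Model of an MX-based relay check. Assumption: this mirrors the behaviour
# described in the message above; it is not sendmail's implementation.

MY_NAMES = {"mail.example.net"}      # hypothetical names this relay answers to
LOCAL_DOMAINS = {"example.net"}      # hypothetical domains delivered locally

# Constructed DNS view: recipient domain -> [(preference, MX host)]
MX_TABLE = {
    "client.example": [(10, "mail.example.net"), (20, "backup.client.example")],
    "bigisp.example": [(10, "mx1.bigisp.example")],
    # A third party that pointed its MX at this relay without being asked.
    "hostile.example": [(10, "mail.example.net")],
}


def lookup_mx(domain, table=MX_TABLE):
    """Return MX host names for a domain, lowest preference first."""
    records = sorted(table.get(domain.lower().rstrip("."), []))
    return [host.lower().rstrip(".") for _, host in records]


def rcpt_domain(address):
    """Extract the domain part of an envelope address."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not a user@domain address: %r" % address)
    return domain.lower().rstrip(".")


def relay_decision(mail_from, rcpt_to):
    """Decide what to do with one RCPT TO.

    mail_from is accepted but deliberately unused: the check allows mail
    *to* domains that list this host as an MX, not mail *from* them.
    """
    domain = rcpt_domain(rcpt_to)
    if domain in LOCAL_DOMAINS:
        return "accept-local"
    if MY_NAMES & set(lookup_mx(domain)):
        return "relay-mx"
    return "reject"


if __name__ == "__main__":
    for sender, rcpt in [("a@elsewhere.example", "user@client.example"),
                         ("spam@client.example", "victim@bigisp.example"),
                         ("a@elsewhere.example", "x@hostile.example")]:
        print(sender, "->", rcpt, ":", relay_decision(sender, rcpt))
```

The third case is the exposure conceded in the message: any domain can name this host in its MX records, and the relay will then accept and forward mail addressed to that domain.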